[Mimedefang] .eml attach not removed
Marco Berizzi
pupilla at hotmail.com
Tue Feb 26 11:47:12 EST 2002
Hello everybody.
I have just installed MD 2.6 with the multiplexor + sendmail 8.12.2,
and I'm experiencing some very strange behaviour.
I'm using OE 6.00.2600.0000 to send an e-mail to the MD + sendmail
server. I attached a .eml document, and mimedefang doesn't remove
it (my filter should remove the entire message).
My /etc/mail/mimedefang-filter follows. Any ideas?
TIA.
# -*- Perl -*-
#***********************************************************************
#
# mimedefang-filter
#
# Sample implementation of "filter" function for MIMEDefang.
# Your filter *must* be correct Perl code, *must* return "1" when
# sourced; and *must* be placed in /etc/mail/mimedefang-filter.
#
# This filter is "low risk" because it is very restrictive about what
# it allows through. Note that it DOES allow HTML attachments through,
# which may be a problem for your e-mail client.
#
# Copyright (C) 2000 Roaring Penguin Software Inc.
#
# This program may be distributed under the terms of the GNU General
# Public License, Version 2, or (at your option) any later version.
#
# $Id: low-risk-filter,v 1.17 2002/02/08 13:51:53 dfs Exp $
#***********************************************************************
#***********************************************************************
# Set administrator's name here. The administrator receives
# quarantine messages and is listed as the contact for site-wide
# MIMEDefang policy. A good example would be 'defang-admin at mydomain.com'
#***********************************************************************
$Administrator = 'postmaster at aive.it';

#***********************************************************************
# Address from which MIMEDefang quarantine warnings and user
# notifications appear to come (for example 'mimedefang at mydomain.com').
# Replies to it only work if an alias exists for the address.
#***********************************************************************
$DaemonAddress = 'mailer-daemon at aive.it';

#***********************************************************************
# Work-arounds for limited mail clients.  Both are switched off here.
#   flatten           -- set if the mail client cannot handle nested
#                        multipart messages
#   NoMultipleInlines -- set if the mail client cannot handle multiple
#                        "inline" parts (Exchange, Outlook)
#***********************************************************************
@Stupidity{qw(flatten NoMultipleInlines)} = (0, 0);
#***********************************************************************
# %PROCEDURE: filter_begin
# %ARGUMENTS:
# None
# %RETURNS:
# Nothing
# %DESCRIPTION:
# Called just before e-mail parts are processed
#***********************************************************************
#sub filter_begin {
# # Only if you have NAI virus scanner, use this. See the mimedefang-filter
# # man page for other virus scanners.
# $VirusFound = message_contains_virus_nai();
#
# # Example: Only allow mailing to "all at mycorp.com" from our mail server
# $OurMailServer = 192.168.7.4;
# if ($RelayAddr ne $OurMailServer) {
# foreach $recip (@Recipients) {
# if ($recip eq 'all at mycorp.com') {
# action_bounce('Outsiders may not mail to all at mycorp.com');
# last;
# }
# }
# }
#}
#***********************************************************************
# %PROCEDURE: filter_begin
# %ARGUMENTS:
# None
# %RETURNS:
# Nothing
# %DESCRIPTION:
# Called just before e-mail parts are processed
#***********************************************************************
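sub filter_begin {
    # Per-message hook: rejects the whole message when either
    # suspicious-character flag is set.  Takes no arguments.
    #
    # $SuspiciousCharsInHeaders and $SuspiciousCharsInBody are globals that
    # this sub only reads -- presumably set by MIMEDefang before the hook
    # runs; confirm against the mimedefang-filter man page.
    #
    # The listing this was taken from had been line-wrapped: continuation
    # lines of commented-out code were left as bare code, and the bounce
    # text carried a raw line break.  Keep every quoted message on one line.

    # ALWAYS drop messages with suspicious chars in headers or body
    if ($SuspiciousCharsInHeaders || $SuspiciousCharsInBody) {
        # Disabled alternative: quarantine instead of bouncing.
        #action_quarantine_entire_message();

        # The bounce text is kept on a single line so that no line break
        # ends up inside the reply text.
        action_bounce("The message was rejected because of suspicious characters in headers and/or body.");

        # Disabled: tell the administrator which flag triggered.
        #if ($SuspiciousCharsInHeaders) {
        #    action_notify_administrator("Message quarantined because of suspicious characters in headers");
        #} else {
        #    action_notify_administrator("Message quarantined because of suspicious characters in body");
        #}

        # Do NOT allow message to reach recipient(s)
        #action_discard();
    }

    # action_rebuild() is DEPRECATED. It causes all kinds of problems.
    # action_rebuild();
}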
#***********************************************************************
# %PROCEDURE: filter
# %ARGUMENTS:
# entity -- a MIME::Entity object (see MIME-tools documentation for details)
# fname -- the suggested filename, taken from the MIME Content-Disposition:
# header. If no filename was suggested, then fname is ""
# ext -- the file extension (everything from the last period in the name
# to the end of the name, including the period.)
# type -- the MIME type, taken from the Content-Type: header.
#
# NOTE: There are two likely and one unlikely place for a filename to
# appear in a MIME message: In Content-Disposition: filename, in
# Content-Type: name, and in Content-Description. If you are paranoid,
# you will use the re_match and re_match_ext functions, which return true
# if ANY of these possibilities match. re_match checks the whole name;
# re_match_ext checks the extension. See the sample filter below for usage.
# %RETURNS:
# Nothing
# %DESCRIPTION:
# This function is called once for each part of a MIME message.
# There are many action_*() routines which can decide the fate
# of each part; see the mimedefang-filter man page.
#***********************************************************************
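sub filter {
    # Decides the fate of one MIME part and returns the result of the
    # action_*() routine that was chosen.
    #
    #   $entity -- the part being examined (handed to re_match_ext)
    #   $fname  -- suggested filename, "" if none
    #   $ext    -- extension of $fname, including the leading period
    #   $type   -- MIME type of the part
    #
    # Rule order matters: the extension blocklist runs first, then a short
    # list of accepted types and extensions; anything unmatched is bounced,
    # so the filter fails closed.
    #
    # The listing this was taken from had been line-wrapped.  A line break
    # inside a quoted pattern becomes part of the regex, so the wrapped
    # alternatives ("eml" in the blocklist, "disposition-notification" in
    # the message types) could never match.  Both patterns are now built
    # from word lists, which are safe to wrap.
    my ($entity, $fname, $ext, $type) = @_;

    # For convenience, compute lower-case versions of filename and
    # extension.  $lc_fname is not used by the rules below; it is kept for
    # locally added rules.
    (my $lc_fname = $fname) =~ tr/A-Z/a-z/;
    (my $lc_ext   = $ext)   =~ tr/A-Z/a-z/;

    ####################################################################
    #                                                                  #
    # Filter rules follow                                              #
    #                                                                  #
    ####################################################################

    #-------------------------------------------------------------------
    # Quarantine viruses
    #-------------------------------------------------------------------
    # Only if you have NAI virus scanner, use this. See the
    # mimedefang-filter man page for other virus scanners.
    #if ($VirusFound && entity_contains_virus_nai($entity)) {
    #    # Notify the sender if you desire
    #    action_notify_sender("The attachment '$fname' was deleted. It contains\n".
    #        "a known virus.\nHere is the output from the virus scanner:\n$VirusScannerMessages");
    #
    #    return action_quarantine($entity, "The attachment $fname contains a known virus. It has been quarantined.\nHere is the output from the virus scanner:\n$VirusScannerMessages");
    #}

    #-------------------------------------------------------------------
    # Discard messages carrying possible executables (and .eml).
    #-------------------------------------------------------------------
    my $blocked_exts = join '|', qw(
        exe com bat vbs scr shs dll vxd pif reg ocx lnk js ini mdb wpd wk4
        eml
    );
    if (re_match_ext($entity, '^\.(' . $blocked_exts . ')$')) {
        # Notify the sender if you desire
        #action_notify_sender("The attachment '$fname' was deleted. We do not\n".
        #    "accept attachments of type '$ext'.\n");

        # $ext comes from the Content-Disposition filename only, while
        # re_match_ext looks at every place a name can appear, so $ext may
        # be empty or differ from the extension that actually matched.
        # NOTE(review): the sender address of unwanted mail is frequently
        # forged, so this notice can reach an uninvolved party -- consider
        # whether notifying is wanted at all.
        action_notify_sender("The message was deleted. We do not accept\n".
                             "message with attachments of type '$ext'.\n");

        # Discard the message
        return action_discard();

        # Quarantine the attachment.
        #return action_quarantine($entity, "An attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

    #-------------------------------------------------------------------
    # Accept any kind of textual attachment (this includes text/html)
    #-------------------------------------------------------------------
    if ($type =~ m{^text/}) {
        return action_accept();
    }

    # This type is generated by some buggy mail clients.
    if ($type eq "text") {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # Messages (generated by mail transfer agents)
    #-------------------------------------------------------------------
    # NOTE(review): an attached .eml is typically sent as message/rfc822,
    # so whenever the blocklist above misses it, this rule accepts it.
    # NOTE(review): message/partial carries only a fragment of a message,
    # which the rules here cannot judge as a whole; consider rejecting it.
    my $mta_subtypes = join '|', qw(
        rfc822 partial news delivery-status disposition-notification
    );
    if ($type =~ m{^message/(?:$mta_subtypes)$}) {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # Images and PDFs with stringent filename checks: the declared type
    # must agree with the extension.  Only these two strings are compared;
    # the content of the part is not inspected here.
    #-------------------------------------------------------------------
    my %ok_ext_for = (
        'image/jpeg'      => { '.jpg' => 1, '.jpeg' => 1 },
        'image/gif'       => { '.gif' => 1 },
        'image/bmp'       => { '.bmp' => 1 },
        'image/png'       => { '.png' => 1 },
        'image/tiff'      => { '.tif' => 1, '.tiff' => 1 },
        'application/pdf' => { '.pdf' => 1 },
    );
    if (exists $ok_ext_for{$type} && $ok_ext_for{$type}{$lc_ext}) {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # ZIP's are OK. My boss also want xls, doc and ppt
    #-------------------------------------------------------------------
    # These are accepted on the extension alone, whatever $type says, and
    # nothing here looks inside an archive or an office document.  Without
    # the virus-scanner rule above (currently disabled) their content
    # reaches the recipient unchecked.
    if (re_match_ext($entity, '^\.(xls|doc|ppt|zip|gz|tgz|Z)$')) {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # Don't do double-defanging on things we recognize as safe
    #-------------------------------------------------------------------
    # NOTE(review): this matches on the declared type and the name only;
    # confirm that trusting the name alone is acceptable.
    if ($type eq "application/octet-stream" && $fname =~ /^defang-\d+\.binary$/) {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # Drop anything else
    #-------------------------------------------------------------------
    #return action_drop_with_warning("An attachment named $fname was removed from this document as it\nis of unknown type and may constitute a security hazard.\nIf you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");

    # Kept on one line so that no line break ends up in the reply text.
    return action_bounce("The message was rejected because it contains an unknown attachment type.");
}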
#***********************************************************************
# %PROCEDURE: defang_warning
# %ARGUMENTS:
# oldfname -- the old file name of an attachment
# fname -- the new "defanged" name
# %RETURNS:
# A warning message
# %DESCRIPTION:
# This function customizes the warning message when an attachment
# is defanged.
#***********************************************************************
sub defang_warning {
    # Builds the three-line notice shown when an attachment is renamed.
    #   $oldfname -- the attachment's original file name
    #   $fname    -- the new "defanged" name
    # Returns the warning text; each line ends with a newline.
    my ($original_name, $defanged_name) = @_;

    my @notice_lines = (
        "An attachment named '$original_name' was converted to '$defanged_name'.\n",
        "To recover the file, right-click on the attachment and Save As\n",
        "'$original_name'\n",
    );

    return join '', @notice_lines;
}
# DO NOT delete the next line, or Perl will complain: the filter file
# must return a true value ("1") when it is sourced.
1;